I set up Win2000 Server in VPC2007 to test things out and hopefully roll out a brand new site by September. I was getting ready to finish testing DNS when this happened :


This "VMWare Service" started crashing en-masse and because the default recovery action was to restart the service I quickly opened Task Manager and ran services.msc to stop that thing before it crashed the entire system.

To be honest I have absolutely no clue whatsoever as to how something labelled VMWare ended up in VPC. Since I was testing a server, I had no reason at all to screw around with stuff from VMWare (hell knows for what reason I'd do that though). My guess is that a virus slipped through. I'll see what I can do about it.

EDIT: Forgot to mention : as a side effect, when that serviced crashed, it crashed the shell too, that's why I had to use Task Manager.
EDIT2: path to the culprit is this : C:\WINNT\system\VMwareService.exe . In System, eh ? FFS I'm running NT not 9x, at least they could've been more clever and placed it in System32 like it was supposed to for any normal 32-bit NT system !

This is quite strange. Any error codes? Anything specific?

Just for your information VMware does not have a service named "VMwareService".

I use VMware Workstation and in a virtual machine I only have these VMware related services starting with VMware:


And in physical PC there are following:


It is probable that your system is infected by some malware.
-------------------------------------
You may mount the VHD to your physical PC and scan for viruses inside it, or simply delete the VM and re-create one.

Malware for sure... See if you can remove it, otherwise you'll have to re-install the OS...

Make sure the VM is independent from the host machine (no Shared Machine/Folder), because the malware could infect your machine (-> host) too.

Aparently my last edit wasn't registered. Thanks for the images PlyrStar93, I'm used to using VPC so I wasn't sure if that name was legit or not.
Anyway, I tracked the buggers from Process Explorer and removed them (there were like two other rouge processes running). VMWare Service also had to be removed from the registry.

They sure work fast. Only a couple of hours passed since I installed the system. Next time I'll start looking through TechNet for articles on network security.
By the way, just for kicks, is it possible to "extract" NepTune's firewall and install it on NT5 ? Or did they integrate it deep in the system ?

Neptune's firewall really isn't a firewall --> it's just a checkbox on network connection properties that says "Enabled firewall mode for this connection.". So far, no settings interface was found whatsoever...

I don't know exactly if it is possible to extract Neptunes Firewall (is this a real firewall?) but...
For Antivirus maybe:
- AntiVir Free
or
- Avast
and for a Firewall maybe:
- Sygate Personal Firewall Version 5.5 (5.6 is unstable)
or
- ZoneAlarm Firewall

I was thinking about ClamWin being open-source (and because just about any AV license is overpriced) but I'm not too sure about its detection rate. I know it doesn't offer real-time protection but that's about it.

Started following this TechNet article, quite an interesting read.
I installed Sygate (really awesome firewall, thanks ViennaXP !), updated IE but for some odd reason I can't use the Windows Update site (Error number: 0x800B0109).
Based on a quick search, it seems to be a activex or certificate problem. I configured the local policies to prompt on all non-driver installs and approved every single message that popped in the browser. I also added update.microsoft.com to the Trusted sites list but nothing changed.

I never had any problems in updating the Workstation version of 2000 so perhaps there's a server-specific security issue.

Don't want to clutter the forum with another thread so I'll repurpose this one since the issue's somewhat connected.
I solved the update issue by manually patching with Update Rollup 1, USP5.1 and UUpdate Rollup 2.

I also installed F-Prot as an AV because I remember using it a good couple of years ago and it was pretty lightweight and decent. Finally I ran Base Security Analyzer and solved all outstanding issues mentioned in its report.

My new problem now is with Exchange 5.5 and Internet Mail Service. DNS is up and running properly, incoming mail is received properly yet I can't send any mail.
My Link Monitor doesn't show anything unusual, Internet Mail Service doesn't show any incoming mails in Queues and I don't receive any message delivery failure / delay notifications.

I'm certain there's a configuration error but I have no idea what I forgot to set up / what I configured improperly.
Or maybe my domain is getting filtered by the hotmail, yahoo! servers ? (my Exchange server uses a .tk domain so perhaps their filters associate it with spam and other malicious traffic since its a free domain)

EDIT: Forgot to mention, I updated Exchange 5.5 to SP4 so that OWA may run.
EDIT2: Connected to mx1.hotmail.com through Telnet and found out my problem. I'll have to contact my ISP for this...

Thanks everyone for your support !

If it were "VMWare Tools" it'd be just a buggy VMWare integration, but "VMWareService" sounds awfully fishy.

Oh my! After doing a bit of research, this is likely a virus! Source: http://www.bleepingcomputer.com/startup ... 18160.html

Apparently there are two types of VMwareService.exe 's. One is legit: name "VMWare Tools Service", one is a backdoor process: name "VMWareService"
http://www.bleepingcomputer.com/startup ... 24554.html and http://www.bleepingcomputer.com/startup ... 17532.html

Interesting find. VM users beware